{"id":34764,"date":"2025-10-26T15:59:04","date_gmt":"2025-10-26T22:59:04","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=34764"},"modified":"2025-10-26T16:12:15","modified_gmt":"2025-10-26T23:12:15","slug":"sb-2025-10-26","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2025\/10\/sb-2025-10-26\/","title":{"rendered":"Security Bits \u2014 26 October 2025"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/cyberinsider.com\/us-court-blocks-spyware-vendor-nso-group-from-targeting-whatsapp-users\/\">US Court Blocks Spyware Vendor NSO Group from Targeting WhatsApp Users \u2014 cyberinsider.com\/\u2026<\/a> (Maybe their recent change to US ownership will give this injunction more teeth!)<\/li>\n<li>Update on the <em>Tea<\/em> app which suffered such catastrophic data breaches recently: <a href=\"https:\/\/www.macobserver.com\/news\/apple-confirms-removal-controversial-dating-apps-after-safety-breaches\/\">Apple confirms removal of controversial dating apps after safety breaches \u2014 www.macobserver.com\/\u2026<\/a> (the male-focused clone <em>TeaOnHer<\/em> also removed, but both still on Google Play Store \ud83d\ude41)<\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-october-2025-patch-tuesday-fixes-6-zero-days-172-flaws\/\">Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>A reminder that this is the last set of patches for Windows 10 users not on an Extended Security Updates (ESU) plan \u2014 
<a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/final-windows-10-patch-tuesday-update-rolls-out-as-support-ends\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>It&#8217;s not just Windows 10: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-office-2016-and-office-2019-have-reach-end-of-support\/\">Microsoft: Office 2016 and Office 2019 have reached end of support \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>Technical debt strikes again: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-restricts-ie-mode-access-in-edge-after-zero-day-attacks\/\">Microsoft restricts IE mode access in Edge after zero-day attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks\/\">Microsoft disables File Explorer preview for downloads to block attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>\u26a0\ufe0f <strong>Framework Laptop Owners:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/secure-boot-bypass-risk-on-nearly-200-000-linux-framework-sytems\/\">Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops \u2014 www.bleepingcomputer.com\/\u2026<\/a> (patch available, so apply!)<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><strong>A Timely Reminder that Malicious Ads are Still a Problem:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-ads-for-fake-homebrew-logmein-sites-push-infostealers\/\">Google ads for fake Homebrew, LogMeIn sites push infostealers \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>\n<p><strong>Reminder \u2014 Agentic AI Browsers and add-ins are too New to be Safe:<\/strong> (AI 
taking actions, not answering questions)<\/p>\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/perplexity-ceo-warns-iphone-users-about-fake-comet-app-on-the-app-store\/\">Perplexity CEO warns iPhone users about fake \u201cComet\u201d app on the App Store \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/spoofed-ai-sidebars-can-trick-atlas-comet-users-into-dangerous-actions\/\">Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cursor-windsurf-ides-riddled-with-94-plus-n-day-chromium-vulnerabilities\/\">Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>\n<blockquote>\n<p>Cursor and Windsurf are AI-powered code editors forked from Visual Studio Code. They integrate large-language models (LLMs) to help developers write software more easily and quickly.<\/p>\n<\/blockquote>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>Cybercriminals have developed a new and devious strategy:<\/strong> faking a company&#8217;s legitimate legacy features, i.e. 
<strong>tricking living users into thinking they have been reported as dead<\/strong> and must act immediately or their legacy contacts will be given access to their account:\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fake-lastpass-death-claims-used-to-breach-password-vaults\/\">Fake LastPass death claims used to breach password vaults \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>Expect this tactic to be used against other services that have similar features (Meta &amp; Apple are likely future targets since they have mature legacy features)<\/li>\n<\/ul>\n<\/li>\n<li><strong>A new &#8216;ClickFix&#8217; variation:<\/strong> <a href=\"https:\/\/isc.sans.edu\/diary\/rss\/32380\">TikTok Videos Promoting Malware Installation &#8211; SANS ISC \u2014 isc.sans.edu\/\u2026<\/a><\/li>\n<li>\n<p>\u26a0\ufe0f <strong>Signal Users:<\/strong> <a href=\"https:\/\/cyberinsider.com\/signal-users-targeted-by-fake-support-messages-for-account-hijacks\/\">Signal Users Targeted by Fake Support Messages for Account Hijacks \u2014 cyberinsider.com\/\u2026<\/a><\/p>\n<\/li>\n<li>\n<p>\u26a0\ufe0f <strong>iPhone Users:<\/strong> Apple have changed how iPhones treat unknown USB devices in iOS 26; the new setting is less secure than the old, but may be a better trade-off for most people \u2014 <a href=\"https:\/\/www.cultofmac.com\/how-to\/iphone-juice-jacking\">www.cultofmac.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> the headline is clickbait and out of tune with the article itself)<\/p>\n<ul>\n<li><strong>Previous Default Behaviour:<\/strong> always ask for confirmation before making a data connection to any unknown device (still available as <strong>Settings \u2192 Privacy &amp; Security \u2192 Wired Accessories \u2192 Ask for New Accessories<\/strong>)<\/li>\n<li><strong>New Default Behaviour:<\/strong> only ask for confirmation if the phone is locked when the connection is made.<\/li>\n<li>So-called <em>&#8216;Juice 
Jacking&#8217;<\/em> attacks have been theoretically possible for years, but rather surprisingly, have not (yet at least) been deployed widely in the real world, so (today at least), the actual risk for regular users is low, which might explain the change.<\/li>\n<\/ul>\n<\/li>\n<li>\u26a0\ufe0f <strong>\ud83c\uddfa\ud83c\uddf8 Apple Users:<\/strong> <a href=\"https:\/\/www.macobserver.com\/news\/is-applestoreusa-com-legit-no-heres-what-to-do\/\">Is \u2018Applestore[@]usa[.]com\u2019 Legit? No \u2014 here\u2019s what to do \u2014 www.macobserver.com\/\u2026<\/a><\/p>\n<\/li>\n<li>\n<p>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/cyberinsider.com\/prosper-data-breach-exposed-17-6-million-peoples-information\/\">Prosper Data Breach Exposed 17.6 Million People\u2019s Information \u2014 cyberinsider.com\/\u2026<\/a><\/p>\n<ul>\n<li>A major US peer-to-peer lending platform<\/li>\n<li>No mention of affected users being notified, but the data has been loaded into <a href=\"https:\/\/haveibeenpwned.com\/Breach\/Prosper\">Have-I-Been-Pwned<\/a>, and the list of breached fields is extremely worrying \ud83d\ude15<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>Have-I-Been-Pwned has loaded one of the biggest dumps of stolen credentials circulating on the dark web to their breach notification service \u2014 <a href=\"https:\/\/www.troyhunt.com\/inside-the-synthient-threat-data\/\">www.troyhunt.com\/\u2026<\/a>\n<ul>\n<li>This catalogue of stolen credentials was harvested from cybercriminals by security researchers; it is not a traditional breach<\/li>\n<li>These credentials were stolen using key loggers and other data-stealing malware, so they&#8217;re taken from users, not from websites<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/google-quietly-dismantles-core-of-privacy-sandbox-for-chrome\/\">Google Quietly Dismantles Core of Privacy Sandbox for Chrome \u2014 cyberinsider.com\/\u2026<\/a>\n<ul>\n<li>Might be a blessing in disguise \u2014 
rather than rolling their own Chrome-only solutions, they are switching to working within the W3C to develop new privacy-protecting standards to replace third-party cookies<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/cyberinsider.com\/eff-sues-us-government-over-ai-powered-social-media-surveillance\/\">EFF Sues US Government Over AI-Powered Social Media Surveillance \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<li>\n<p>\ud83c\uddfa\ud83c\uddf8 California becomes the next US state to impose age verification on App Stores \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/25\/10\/13\/google-facebook-like-californias-new-age-check-law-but-apple-hates-it\">appleinsider.com\/\u2026<\/a> (Headline does not match actual article content)<\/p>\n<ul>\n<li>No ID requirements, so not a privacy problem<\/li>\n<li>Effectively forces App Store operators to give parents the tools they need to manage their kids&#8217; devices<\/li>\n<li>Forces App Stores to make specific age brackets available to developers<\/li>\n<li>Apple already has an API for this (added with \ud83c\udf4eOS 26), but the age ranges don&#8217;t align, so Apple will need to add some new API calls to comply, but won&#8217;t need to make major changes \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/apple-faces-new-app-store-age-verification-rule-in-california\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li>Google may have a little more work to do, but it shouldn&#8217;t be a big deal.<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddea\ud83c\uddfa \ud83c\udde6\ud83c\uddf9 <a href=\"https:\/\/cyberinsider.com\/austrian-dpa-finds-microsoft-365-illegally-tracked-students\/\">Austrian DPA Finds Microsoft 365 Illegally Tracked Students \u2014 cyberinsider.com\/\u2026<\/a>\n<ul>\n<li>Microsoft US was found to be exerting too much influence over Microsoft Ireland, so the case was decided against the US parent company, not the European subsidiary.<\/li>\n<li>\n<blockquote>\n<p>The DSB confirmed that 
Microsoft 365 Education set several non-essential tracking cookies without user consent. These cookies were found to be unnecessary for technical operation and thus required prior consent, which was not obtained. As a result, Microsoft, the Ministry, and the school must now check whether these cookies are still in use and delete any associated data within ten weeks\n<\/p><\/blockquote>\n<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddee\ud83c\uddea <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-earn-1-024-750-for-73-zero-days-at-pwn2own-ireland\/\">Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>\n<blockquote><p>\n  After the zero-days are exploited at Pwn2Own, the vendors have 90 days to release patches before Trend Micro&#8217;s Zero Day Initiative publicly discloses them.\n<\/p><\/blockquote>\n<\/li>\n<li>Expect a whole bunch of patches for major products from Apple, Google, Samsung, Meta, QNAP, and more soon<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><a href=\"https:\/\/cyberinsider.com\/firefox-add-ons-must-declare-data-collection-starting-november-3\/\">Firefox Add-ons Must Declare Data Collection Starting November 3 \u2014 cyberinsider.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> good to see these older app stores back-port the kinds of features Apple have been adding to theirs)<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/cyberinsider.com\/meta-rolls-out-new-anti-scam-features-on-whatsapp-and-messenger\/\">Meta Rolls Out New Anti-Scam Features on WhatsApp and Messenger \u2014 cyberinsider.com\/\u2026<\/a> (the intelligent screen-share blocking looks particularly useful for disrupting scams)<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/cyberinsider.com\/mullvad-web-app-passes-security-audit-with-almost-perfect-score\/\">Mullvad VPN\u2019s Web App Passes Security Audit With Almost Perfect Score \u2014 cyberinsider.com\/\u2026<\/a><\/p>\n<\/li>\n<\/ul>\n<h2>Interesting 
Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>\ud83c\udfa7 Turns out this story is much more nuanced than it first appears: <a href=\"https:\/\/overcast.fm\/+AA4qHoDPmIw\">kill switch: maybe ICEBlock was \u2018activism theater,\u2019 but is banning it protecting us? \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li><strong>From Allison:<\/strong> The best episode of This Week in Tech I&#8217;ve ever listened to. Leo had on Jacob Ward, Harper Reed, and Abrar Al-Heeti. The discussions on AI were enlightening and funny at the same time. <a href=\"https:\/\/twit.tv\/shows\/this-week-in-tech\/episodes\/1054?autostart=false\">&#8220;Nine Days a Week&#8221; for 19 October 2025<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Allister Jenks:<\/strong> <a href=\"https:\/\/beige.party\/@rooster\/115432795890734504\">Jessica Rooster: &#8220;HAL 9000: I\u2019m sorry Dave, I\u2019m afraid I can\u2019t do t\u2026&#8221; &#8211; beige.party \u2014 beige.party\/\u2026<\/a> (In the NosillaCast Slack at <a href=\"https:\/\/podfeet.com\/slack\">podfeet.com\/slack<\/a>)<\/li>\n<li><strong>From NosillaCastaway Joop:<\/strong> \ud83c\udfa6 <a href=\"https:\/\/www.youtube.com\/watch?v=LB8KwiiUGy0\">Node.js: The Documentary, An origin story \u2014 www.youtube.com\/\u2026<\/a><\/li>\n<li><strong>From <a href=\"https:\/\/www.maynoothuniversity.ie\/faculty-science-engineering\/our-people\/david-malone\">Maynooth University Prof David Malone<\/a>:<\/strong> A fun timeline from the first password to passkeys \u2014 <a href=\"https:\/\/ssg.dev\/from-passwords-to-passkeys\/\">ssg.dev\/\u2026<\/a><\/li>\n<li><strong>From Bart:<\/strong>\n<ul>\n<li>A very useful free Mac app from Devon Technologies (of Devon Think fame): <a 
href=\"https:\/\/www.devontechnologies.com\/blog\/20251014-network-utility-20\">Neo Network Utility 2.0 \u2014 www.devontechnologies.com\/\u2026<\/a><\/li>\n<li>\ud83c\udfa6 A simply amazing conversation with the much missed Jane Goodall recorded a few months before her recent death: <a href=\"https:\/\/web.archive.org\/web\/20251004181224\/https:\/www.netflix.com\/tudum\/articles\/jane-goodall-famous-last-words-documentary\">Jane Goodall Interview on &#8216;Famous Last Words&#8217; \u2014 Netflix Tudum (via web.archive.org\/\u2026)<\/a> (<a href=\"https:\/\/www.netflix.com\/title\/82053197\">direct Netflix link<\/a>)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to, when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td 
align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. \ud83c\uddfa\ud83c\uddf8 US Court Blocks Spyware Vendor NSO Group from Targeting WhatsApp Users \u2014 cyberinsider.com\/\u2026 (Maybe their recent change to US ownership will give this injunction more teeth!) 
Update on the Tea app which suffered [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[5548,170,6028,114,7644,50,569,2003],"class_list":["post-34764","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-cybersecurity","tag-hack","tag-have-i-been-pwnd","tag-privacy","tag-pwn2own","tag-security","tag-security-bits","tag-vulnerabilities"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34764","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=34764"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34764\/revisions"}],"predecessor-version":[{"id":34773,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34764\/revisions\/34773"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=34764"}],"wp:term":[{"taxonomy":"category","embeddab
le":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=34764"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=34764"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}